Apple iOS vulnerabilities
1,765 known vulnerabilities affecting apple/ios.
Total CVEs: 1,765
CISA KEV: 27 (actively exploited)
Public exploits: 229
Exploited in wild: 43
Severity breakdown: CRITICAL 119, HIGH 907, MEDIUM 638, LOW 94, UNKNOWN 7
Vulnerabilities
Page 64 of 89
CVE-2015-3658 | P4 | MEDIUM | CVSS 6.8 | v8.4
CVE-2015-3658 [MEDIUM] CVE-2015-3658: iOS 8.4
Apple Security Update: About the security content of iOS 8.4
Product: iOS
Version: 8.4
CVE: CVE-2015-3658
Component: CVE-ID
apple
CVE-2016-4758 | P4 | MEDIUM | CVSS 6.5 | v10 | 2016-09-13
CVE-2016-4758 [MEDIUM] CVE-2016-4758: iOS 10
Apple Security Update: About the security content of iOS 10
Product: iOS
Version: 10
CVE: CVE-2016-4758
Component: WebKit
Impact: Visiting a maliciously crafted website may leak sensitive data
Description: A permissions issue existed in the handling of the location variable. This was addressed through additional ownership checks.
apple
CVE-2014-8128 | P4 | MEDIUM | CVSS 6.5 | v8.4
CVE-2014-8128 [MEDIUM] CVE-2014-8128: iOS 8.4
Apple Security Update: About the security content of iOS 8.4
Product: iOS
Version: 8.4
CVE: CVE-2014-8128
Component: CVE-2014-8128
apple
CVE-2018-4146 | P4 | MEDIUM | CVSS 6.5 | v11.3 | 2018-03-29
CVE-2018-4146 [MEDIUM] CVE-2018-4146: iOS 11.3
Apple Security Update: About the security content of iOS 11.3
Product: iOS
Version: 11.3
CVE: CVE-2018-4146
Component: WebKit
Impact: Processing maliciously crafted web content may lead to a denial of service
Description: A memory corruption issue was addressed through improved input validation
apple
CVE-2016-1785 | P4 | MEDIUM | CVSS 6.5 | v9.3
CVE-2016-1785 [MEDIUM] CVE-2016-1785: iOS 9.3
Apple Security Update: About the security content of iOS 9.3
Product: iOS
Version: 9.3
CVE: CVE-2016-1785
Component: CVE-ID
apple
CVE-2017-2453 | P4 | MEDIUM | CVSS 6.5 | v10.3 | 2017-03-27
CVE-2017-2453 [MEDIUM] CVE-2017-2453: iOS 10.3
Apple Security Update: About the security content of iOS 10.3
Product: iOS
Version: 10.3
CVE: CVE-2017-2453
Component: Safari
Impact: Visiting a malicious website by clicking a link may lead to user interface spoofing
Description: A spoofing issue existed in the handling of FaceTime prompts. This issue was addressed through improved input validation.
apple
CVE-2019-8664 | P4 | MEDIUM | CVSS 6.5 | ≥ unspecified, < 12.3 | 2020-10-27
CVE-2019-8664 [MEDIUM] CWE-20 CVE-2019-8664: An input validation issue was addressed with improved input validation. This issue is fixed in iOS 1
An input validation issue was addressed with improved input validation. This issue is fixed in iOS 12.3, watchOS 5.2.1. Processing a maliciously crafted message may lead to a denial of service.
nvd, apple
CVE-2022-22658 | P4 | MEDIUM | CVSS 6.5 | ≥ unspecified, < 16.0 | 2022-11-01
CVE-2022-22658 [MEDIUM] CWE-20 CVE-2022-22658: An input validation issue was addressed with improved input validation. This issue is fixed in iOS 1
An input validation issue was addressed with improved input validation. This issue is fixed in iOS 16.0.3. Processing a maliciously crafted email message may lead to a denial-of-service.
nvd, apple
CVE-2019-8554 | P4 | MEDIUM | CVSS 6.5 | ≥ unspecified, < iOS 12.2 | 2019-12-18
CVE-2019-8554 [MEDIUM] CVE-2019-8554: A permissions issue existed in the handling of motion and orientation data. This issue was addressed
A permissions issue existed in the handling of motion and orientation data. This issue was addressed with improved restrictions. This issue is fixed in iOS 12.2. A website may be able to access sensor information without user consent.
nvd, apple
CVE-2018-4260 | P4 | MEDIUM | CVSS 6.5 | v11.4.1 | 2018-07-09
CVE-2018-4260 [MEDIUM] CVE-2018-4260: iOS 11.4.1
Apple Security Update: About the security content of iOS 11.4.1
Product: iOS
Version: 11.4.1
CVE: CVE-2018-4260
Component: WebKit Page Loading
Impact: Visiting a malicious website may lead to address bar spoofing
Description: An inconsistent user interface issue was addressed with improved state management.
apple
CVE-2014-3660 | P4 | MEDIUM | CVSS 5.0 | v8.4.1
CVE-2014-3660 [MEDIUM] CVE-2014-3660: iOS 8.4.1
Apple Security Update: About the security content of iOS 8.4.1
Product: iOS
Version: 8.4.1
CVE: CVE-2014-3660
Component: CVE-ID
Impact: A malicious application may be able to execute arbitrary code with system privileges
Description: A memory corruption issue existed in handling of malformed XPC messages. This issue was improved through improved bounds checking.
apple
CVE-2020-3841 | P4 | MEDIUM | CVSS 6.5 | ≥ unspecified, < iOS 13.3.1 and iPadOS 13.3.1 | 2020-02-27
CVE-2020-3841 [MEDIUM] CWE-319 CVE-2020-3841: The issue was addressed with improved UI handling. This issue is fixed in iOS 13.3.1 and iPadOS 13.3
The issue was addressed with improved UI handling. This issue is fixed in iOS 13.3.1 and iPadOS 13.3.1, Safari 13.0.5. A local user may unknowingly send a password unencrypted over the network.
nvd
CVE-2019-8625 | P4 | MEDIUM | CVSS 6.1 | v13 | 2019-09-19
CVE-2019-8625 [MEDIUM] CVE-2019-8625: iOS 13
Apple Security Update: About the security content of iOS 13
Product: iOS
Version: 13
CVE: CVE-2019-8625
Component: WebKit
Impact: Processing maliciously crafted web content may lead to universal cross site scripting
Description: A logic issue was addressed with improved state management.
apple
CVE-2020-3902 | P4 | MEDIUM | CVSS 6.1 | ≥ unspecified, < iOS 13.4 and iPadOS 13.4 | 2020-04-01
CVE-2020-3902 [MEDIUM] CWE-79 CVE-2020-3902: An input validation issue was addressed with improved input validation. This issue is fixed in iOS 1
An input validation issue was addressed with improved input validation. This issue is fixed in iOS 13.4 and iPadOS 13.4, tvOS 13.4, Safari 13.1, iTunes for Windows 12.10.5, iCloud for Windows 10.9.3, iCloud for Windows 7.18. Processing maliciously crafted web content may lead to a cross site scripting attack.
nvd
CVE-2019-8719 | P4 | MEDIUM | CVSS 6.1 | v13 | 2019-09-19
CVE-2019-8719 [MEDIUM] CVE-2019-8719: iOS 13
Apple Security Update: About the security content of iOS 13
Product: iOS
Version: 13
CVE: CVE-2019-8719
Component: WebKit
Impact: Processing maliciously crafted web content may lead to universal cross site scripting
Description: A logic issue was addressed with improved state management.
apple
CVE-2017-7153 | P4 | MEDIUM | CVSS 6.1 | v11.2 | 2017-12-02
CVE-2017-7153 [MEDIUM] CVE-2017-7153: iOS 11.2
Apple Security Update: About the security content of iOS 11.2
Product: iOS
Version: 11.2
CVE: CVE-2017-7153
Component: WebKit
Impact: Visiting a malicious website may lead to user interface spoofing
Description: Redirect responses to 401 Unauthorized may allow a malicious website to incorrectly display the lock icon on mixed content. This issue was addressed through improved URL display logic.
apple
CVE-2020-3867 | P4 | MEDIUM | CVSS 6.1 | ≥ unspecified, < iOS 13.3.1 and iPadOS 13.3.1 | 2020-02-27
CVE-2020-3867 [MEDIUM] CWE-79 CVE-2020-3867: A logic issue was addressed with improved state management. This issue is fixed in iOS 13.3.1 and iP
A logic issue was addressed with improved state management. This issue is fixed in iOS 13.3.1 and iPadOS 13.3.1, tvOS 13.3.1, Safari 13.0.5, iTunes for Windows 12.10.4, iCloud for Windows 11.0, iCloud for Windows 7.17. Processing maliciously crafted web content may lead to universal cross site scripting.
nvd
CVE-2016-4679 | P4 | MEDIUM | CVSS 5.5 | v10.1 | 2016-10-24
CVE-2016-4679 [MEDIUM] CVE-2016-4679: iOS 10.1
Apple Security Update: About the security content of iOS 10.1
Product: iOS
Version: 10.1
CVE: CVE-2016-4679
Component: Kernel
Impact: A local application may be able to execute arbitrary code with root privileges
Description: Multiple object lifetime issues existed when spawning new processes. These were addressed through improved validation.
apple
CVE-2015-1104 | P4 | MEDIUM | CVSS 5.0 | v8.3
CVE-2015-1104 [MEDIUM] CVE-2015-1104: iOS 8.3
Apple Security Update: About the security content of iOS 8.3
Product: iOS
Version: 8.3
CVE: CVE-2015-1104
Component: CVE-ID
apple
CVE-2015-1063 | P4 | HIGH | CVSS 7.8 | v8.2
CVE-2015-1063 [HIGH] CVE-2015-1063: iOS 8.2
Apple Security Update: About the security content of iOS 8.2
Product: iOS
Version: 8.2
CVE: CVE-2015-1063
Component: CVE-ID
Impact: An attacker with a privileged network position may be able to execute arbitrary code
Description: Multiple buffer overflows existed in the handling of data during iCloud Keychain recovery. These issues were addressed through improved bounds checking.
apple